In today’s world, most people assume their computers are safe if they have an antivirus program installed. This is a good, proactive step, to be sure. But it’s what many of us choose not to do that leaves us vulnerable to cyberattacks.
I’m talking about software updates.
I get it, software updates are annoying, especially if they prompt you in the middle of your workday or while you’re browsing Facebook at home. But the greatest risk to our computing infrastructure today is cyberattacks that operate under the base assumption that you have not installed the latest updates to guard against malicious code.
It’s simple. Anytime your software or operating system has an update available, update it whether you have a desktop, laptop, tablet, or mobile phone. But if you’re like most people, you put it off until your device forces you to update or you get a virus.
Ninety days before the NotPetya attack in June 2017, which cost the global private sector an estimated $10 billion, Microsoft released an update that would have stopped the virus from exploiting users’ computers. Did everyone install this update?
Of course not. That’s what allowed the virus to spread across Europe and the world.
But the people who did install the update protected their computer and information. This is one of the simplest, most effective cyberhygiene habits you can practice.
Had everyone been vigilant about installing updates as soon as they were released, the impact of NotPetya would have been so small that it wouldn’t have been worth noting.
Debunking Software Update Myths
A common reason users do not install updates in a timely manner is that they don’t understand the need for them. When a new update is released, many people will read the description and say, “Whatever. That doesn’t make any sense to me. It’s a bunch of security and technical jargon, so it must not be important. Besides, I can’t imagine why anyone would hack me. Nothing I have would justify their effort.”
They aren’t acutely aware of the threats—like NotPetya—that can cause them harm specifically because they didn’t install the update. Automated crime costs almost nothing to commit, so even making a few hundred dollars off a target is worth the effort.
Still, the idea of a software update is very ethereal. You can’t see it or feel it, so it makes the need for the update less clear.
There are also people who grew up in an era when installing a software update was risky. It could either break the system outright or greatly reduce the performance of your entire system or a specific application. This happened when updates were not well tested or were put out so quickly that they had flaws or defects.
This was a more common occurrence in the past, and while it still happens today, it is much less common. Therefore, it’s riskier to ignore updates than it is to install them.
The Cost to Companies that Don’t Update Software
Microsoft understands the importance of software updates, which is why the consumer version of Windows 10 automatically updates. No matter how frustrating it is, you don’t have the ability to turn that automatic update feature off.
Commercial-grade versions of Windows, on the other hand, allow companies to decide which updates to install and when. That distinction is significant because companies, unlike individuals, lose significant revenues when their systems don’t perform sufficiently.
As a result of their ability to delay updates, most companies using Windows don’t immediately install updates because it could cost them millions of dollars in revenue if they were to go offline due to a wonky update. So instead of installing immediately, they put the updates through a testing protocol, which might take up to several weeks.
Cybercriminals are recognizing this trend, which is why the cycle time between the public release of an update and the release of an exploit is shrinking. Companies cannot test and install updates fast enough to guard against the damage of malicious code.
Our digital adversaries are constantly studying and improving, and if you don’t do the same, you’ll be vulnerable. You can’t stand still and expect to survive. Cybercriminals are constantly learning how to outmaneuver us in their ability to steal our digital assets, the same way a competitor would try to steal our revenues.
We must learn to outmaneuver them back. If a new competitor comes into town and starts selling what you’re selling but for 30 percent less, what do you do? You have to innovate or go out of business. If you can adopt that mindset—viewing the adversary on the Internet as you would a competitor that you face in the market—you’ll be better prepared and more likely to install updates as they become available.
This article is adapted from my book Fire Doesn’t Innovate. For more advice on software updates, you can find Fire Doesn’t Innovate on Amazon.